BREAKING THE LAWS OF ROBOTICS: ATTACKING INDUSTRIAL ROBOTS

Presented at TROOPERS18 (2018), March 13, 2018, 1:30 p.m. (Unknown duration).

In this talk, we will show how (by combining a set of vulnerabilities that we actually exploited on real robots) remote attackers are able to violate the fundamental laws governing robots, up to the point where they can alter the manufactured product, physically damage the robot, steal industry secrets, or injure humans. We will cover in-depth technical aspects (e.g., reverse engineering and vulnerability details, and attack PoCs), along with a broader discussion of the security posture of Industry 4.0 deployments.

Industrial robots are complex cyber-physical systems used for manufacturing, and a critical component of any modern factory. These robots aren't just electromechanical devices but include complex embedded controllers, which are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and maintenance. In this scenario, industrial routers also play a key role, because they directly expose the robot's controller. Therefore, the impact of a single, simple vulnerability can grant attackers an easy entry point.

Industrial robots must follow three fundamental laws: accurately "read" from the physical world through sensors and "write" (i.e. perform actions) through actuators, refuse to execute self-damaging control logic, and most importantly, echoing Asimov, never harm humans. By combining a set of vulnerabilities we discovered on a real robot, we will demonstrate how remote attackers are able to violate such fundamental laws up to the point where they can alter the manufactured product, physically damage the robot, steal industry secrets, or injure humans.

We will cover in-depth technical aspects (e.g., reverse engineering and vulnerability details, and attack PoCs), alongside a broader discussion on the security posture of industrial routers and robots: Why these devices are attractive for attackers? What could they achieve? Are they hard to compromise? How can their security be improved?


Presenters:

  • Davide Quarta
    Davide Quarta is a PhD student at Politecnico di Milano in Italy, he works under the supervision of Stefano Zanero and Federico Maggi in the NECST Laboratory, inside the Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB). His research interests mainly comprise the security of embedded systems, with a focus on attacks and vulnerability discovery. Other research areas of his interest include malware analysis and reverse engineering. His passion for security topics led him to work on different projects as a freelance consultant. He spends his free time tumbling in the gym and playing CTF competitions with Politecnico's team, Tower of Hanoi

Links:

Similar Presentations: